Since we don't imagine Switchzilla has started giving away the version of IOS running in its ASA firewalls, Vulture South suspects it arises from a popular open source library. Which means other vulnerable devices could be out there.

In the normal course of events, a host would receive that packet in response to a message it had initiated – but of course, it's trivial to craft that packet and send it to a target.

In devices susceptible to BlackNurse, the operating system gets indigestion trying to process even a relatively low rate of these messages – in the original report from Denmark's TF-CSIRT, gigabit-capable routers could be borked by just 18 Mbps of BlackNurse traffic on their WAN interfaces.